CN110909345B - Tamper-proof method and system for Java system open source software - Google Patents
Tamper-proof method and system for Java system open source software Download PDFInfo
- Publication number
- CN110909345B CN110909345B CN201911214232.6A CN201911214232A CN110909345B CN 110909345 B CN110909345 B CN 110909345B CN 201911214232 A CN201911214232 A CN 201911214232A CN 110909345 B CN110909345 B CN 110909345B
- Authority
- CN
- China
- Prior art keywords
- open source
- source software
- preset
- verification
- code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/03—Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
- G06F2221/033—Test or assess software
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
- Stored Programmes (AREA)
Abstract
The invention provides a method and a system for preventing Java system open source software from being tampered, wherein the method comprises the following steps: receiving a starting instruction transmitted by an Jvm module in a Java system application program; determining all open source software in an application program through a probe formed based on JavaAgent, and verifying the open source software according to a preset verification rule to obtain a verification result; and determining whether the open source software is tampered according to the verification result, and if the open source software is tampered, executing early warning operation.
Description
Technical Field
The invention relates to the technical field of computer software development, in particular to a method and a system for preventing Java system open source software from being tampered.
Background
A system developed based on Java will introduce a lot of open source software. However, if the open source software is obtained from an unsafe channel rather than a legal product library, malicious codes may exist in the open source software, which may pose a great threat to the production environment. It is common practice to establish a complete and strict management system, process and role to minimize the above mentioned risks, for example, the source software is verified by special personnel before production, which reduces the risk injection to some extent. However, the method still depends on the management system and is not implemented on the technology/tool, so that the risk of manual operation exists, and the verification and real production before the system is put into production have time and space gaps, and still have the risk of being tampered.
Disclosure of Invention
The invention aims to provide a Java system open source software tamper-proofing method, which is characterized in that a probe is arranged in the Java system open source software, and the open source software is verified each time the open source software is started so as to determine whether the open source software is tampered. Another object of the present invention is to provide a Java system open source software tamper resistant system. It is a further object of this invention to provide such a computer apparatus. It is a further object of this invention to provide such a readable medium.
In order to achieve the above object, the present invention discloses, on one hand, a method for preventing tampering of open source software of a Java system, comprising:
receiving a starting instruction transmitted by an Jvm module in a Java system application program;
determining all open source software in an application program through a probe formed based on JavaAgent, and verifying the open source software according to a preset verification rule to obtain a verification result;
and determining whether the open source software is tampered according to the verification result, and if the open source software is tampered, executing early warning operation.
Preferably, the method further comprises, before starting the Java system application:
and performing coding operation on the open source software by adopting a preset coding algorithm according to a preset check rule to obtain a code corresponding to each open source software and storing the codes.
Preferably, the preset encoding algorithm is a hash algorithm.
Preferably, the obtaining and storing the codes corresponding to each open source software by performing coding operation on the open source software according to a preset check rule by using a preset coding algorithm specifically includes:
reading Jar files of open source software to a byte array;
according to the byte number of the byte array, the coded byte array is obtained by adopting md5 or sha1 coding;
and performing base64 encoding on the encoded byte array to obtain and store the corresponding code of the open source software.
Preferably, the verifying the open source software according to the preset verification rule to obtain the verification result specifically includes:
coding operation is carried out on all open source software by adopting a preset coding algorithm to obtain a check code corresponding to each open source software;
and comparing the check code with the stored code to obtain a check result.
The invention also discloses a system for preventing the Java system open source software from being tampered, which comprises:
the instruction receiving unit is used for receiving a starting instruction transmitted by the Jvm module in the Java system application program;
the open source software verification unit is used for determining all open source software in an application program through a probe formed based on JavaAgent, and verifying the open source software according to a preset verification rule to obtain a verification result;
and the early warning feedback unit is used for determining whether the open source software is tampered according to the verification result, and executing early warning operation if the open source software is tampered.
Preferably, the system further includes a presetting unit, configured to perform coding operation on the open-source software by using a preset coding algorithm according to a preset check rule before starting the Java system application program, to obtain a code corresponding to each open-source software, and store the code.
Preferably, the preset encoding algorithm is a hash algorithm.
Preferably, the preset unit is specifically configured to read Jar files of the open source software to a byte array, obtain an encoded byte array by using md5 or sha1 encoding according to the number of bytes of the byte array, perform base64 encoding on the encoded byte array, obtain an encoding corresponding to the open source software, and store the encoding.
Preferably, the open-source software verification unit is specifically configured to perform coding operation on all open-source software by using a preset coding algorithm to obtain a verification code corresponding to each open-source software, and compare the verification code with a stored code to obtain a verification result. The invention also discloses a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor,
the processor, when executing the program, implements the method as described above.
The invention also discloses a computer-readable medium, having stored thereon a computer program,
which when executed by a processor implements the method as described above.
According to the method, the probe formed on the basis of the JavaAgent is arranged in the Java system application program, when the application program is started, after the Jvm module is started and before the main body of the application program is started, the open source software in the application program is scanned through the probe, the open source software obtained through scanning is verified according to the preset verification rule, so that whether the open source software in the application program is tampered or not is determined, if the open source software in the application program is tampered, the corresponding early warning operation is executed, and the system safety risk is reduced. The open source software is verified when the application program is started every time, the overtaking cannot be realized, the open source software of the Java is prevented from being tampered before or in the production operation process, the safety of the system is greatly improved, the workload of manual inspection is also avoided, and the verification efficiency is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flowchart illustrating an embodiment of a method for tamper-proofing open source software of a Java system according to the present invention;
FIG. 2 is a second flowchart illustrating a method for tamper-proofing open source software of a Java system according to an embodiment of the present invention;
FIG. 3 is a third flowchart illustrating a method for tamper-proofing open source software of a Java system according to an embodiment of the present invention;
FIG. 4 is a fourth flowchart illustrating a method for tamper-proofing open source software of a Java system according to an embodiment of the present invention;
FIG. 5 is a block diagram of one embodiment of a Java system open source software tamper resistant system according to the present invention;
FIG. 6 is a second block diagram of an embodiment of a Java system open source software tamper-resistant system according to the present invention;
FIG. 7 illustrates a schematic diagram of a computer device suitable for use in implementing embodiments of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. The terms "comprises" and "comprising," and any variations thereof, in the description and claims of this invention and the above-described drawings, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
It should be noted that the embodiments and features of the embodiments may be combined with each other without conflict. The present invention will be described in detail below with reference to the embodiments with reference to the attached drawings.
In one or more embodiments of the present application, Java refers to a programming language, platform, toolset.
In one or more embodiments of the present application, JavaAgent refers to a java technology that runs a pre-process of a java program understood to run that class specified in Premain-class after jvm starts and before running the main method.
In one or more embodiments of the application, the open source software refers to free/free software provided by an open source community, and one java application comprises a plurality of open source software. These open sources of software save a lot of cost (reuse) for program development, because the open source software is numerous, different download channels, different security vulnerabilities, and different open source protocols, which also can cause security problems, etc.
In one or more embodiments of the present application, tampering refers to the stages of the software engineering process, including from software writing to software delivery through to the stages of official commissioning, running, some open source software is susceptible to malicious code that could be injected by an otherwise malicious person, thereby disrupting the production environment.
In one or more embodiments of the present application, the artifact library refers to a place where open source software files (jar) are uniformly stored.
In one or more embodiments of the present application, the md5/sha1 code generates a fixed-length character string according to the content of a file, and the generated fixed-length character string is different from file to file, which is a hash encoding technique.
According to one aspect of the invention, the embodiment discloses a method for preventing the open source software of the Java system from being tampered. As shown in fig. 1, in this embodiment, the method includes:
s100: and receiving a starting instruction transmitted by the Jvm module in the Java system application program.
S200: all open source software in the application program is determined through a probe formed based on the JavaAgent, and the open source software is verified according to a preset verification rule to obtain a verification result.
S300: and determining whether the open source software is tampered according to the verification result, and if the open source software is tampered, executing early warning operation.
According to the method, the probe formed on the basis of the JavaAgent is arranged in the Java system application program, when the application program is started, after the Jvm module is started and before the main body of the application program is started, the open source software in the application program is scanned through the probe, the open source software obtained through scanning is verified according to the preset verification rule, so that whether the open source software in the application program is tampered or not is determined, if the open source software in the application program is tampered, the corresponding early warning operation is executed, and the system safety risk is reduced. The efficiency of manual inspection is improved, and is safe and efficient.
In a preferred embodiment, as shown in FIG. 2, the method further comprises, prior to launching the Java System application:
s000: and performing coding operation on the open source software by adopting a preset coding algorithm according to a preset check rule to obtain a code corresponding to each open source software and storing the codes. Preferably, the preset encoding algorithm may be a hash algorithm.
In a preferred embodiment, as shown in fig. 3, the S000 may specifically include:
s010: reading Jar files of the open source software to the byte array.
S020: and according to the byte number of the byte array, encoding by using md5 or sha1 to obtain the encoded byte array.
S030: and performing base64 encoding on the encoded byte array to obtain and store the corresponding code of the open source software.
It can be understood that a Web service may be preset, and the code of the open source software may be stored in the Web service, for example, in a specific example, the code of the open source software may be stored in a standard baseline file, the format of the standard baseline file may be baseline.ini, the code of the open source software may be stored in the baseline.ini file, the code may be stored in a key-value structure, and includes information such as the name of the open source software and the corresponding code, and the code information stored in the key-value structure may be "open source software english name-code", for example, in a specific example, the key-value code information is as shown in table 1.
TABLE 1
Furthermore, the Web service can also provide an external access function, so that when the probe checks the open source software, the probe accesses the Web service to obtain a code, compares the code with the check obtained by checking the open source software when the application program runs, and determines whether the open source software is tampered.
In a preferred embodiment, the Web service may further provide a log storage function, and after the verification result obtained by verification, a verification log may be formed according to the verification process and the result of the open source software, and the obtained verification log is stored in the Web service, which may facilitate user inspection.
In a preferred embodiment, as shown in fig. 4, the step S200 of verifying the open source software according to a preset verification rule to obtain a verification result specifically includes:
s210: coding operation is carried out on all open source software by adopting a preset coding algorithm to obtain a check code corresponding to each open source software;
s220: and comparing the check code with the stored code to obtain a check result.
It can be understood that after the application program starts Jvm module, the JavaAgent probe is set before main program runs, and the verification of the open source software in the application program is realized through the probe, so that the application program can check whether the open source software is falsified once when starting each time, the open source software is prevented from being falsified before or during production and running, the safety of the system is greatly improved, the workload of manual inspection is also avoided, and the verification efficiency is improved.
The probe may include a JavaAgent startup symbol and open source software information to be verified. In one specific example, the probe can be implemented by the following procedure: javaagent E:/gcs-widget-check-1.0.0. jar. Wherein, the expression "java: "shows that the verification of the open source software is started through the JavaAgent technology, and E:/gcs-widget-check-1.0.0.jar is the preset storage address and name of the open source software needing to be scanned, and the corresponding open source software can be coded after being read through the storage address and the name.
The probe traverses open source software in an application program, namely scans all Jar files, performs coding operation on the open source software through a preset coding algorithm to obtain codes of the open source software, for example, when an md5 or sha1 coding technology is adopted, md5 or sha1 codes of all the open source software are obtained through calculation, further a jarscode list can be preset, and open source software information and corresponding md5 or sha1 codes are stored in the jarscode list, for example, shown in table 2.
TABLE 2
| Jar name | code(md5/sha1) |
| gcs-widget-batch-0.0.1.jar | r20El5YE9LW6XiKDJ7Ks8Q==10 |
| spring-core-3.2.0.RELEASE.jar | nx2kw2SfIhN+edc88LeYyw== |
In a preferred embodiment, it is determined whether the open source software is tampered according to the verification result in S300, and if the open source software is tampered, an early warning operation is executed. In a specific example, the verification result may include success, failure, absence of a baseline, and the like, and the corresponding warning operation may be preset according to different results, in an optional implementation manner, the main program may be continuously executed for a successful verification result, the main program may not be executed any more for a failed verification result, the start of the application program is interrupted, the verification result for absence of a baseline may be continuously executed and the verification result may be fed back to the user, in another optional implementation manner, the main program may also be directly continuously executed without interrupting the start of the application program, the verification result is stored in a verification log form for the user to view or the warning information is fed back to the user according to the verification result, in an actual application, other warning operations may also be adopted, which is not limited by the present invention.
Based on the same principle, the embodiment also discloses a system for preventing the Java system open source software from being tampered. As shown in fig. 5, in this embodiment, the system includes an instruction receiving unit 11, an open source software verifying unit 12, and an early warning feedback unit 13.
The instruction receiving unit 11 is configured to receive a start instruction transmitted by the Jvm module in the Java system application.
The open source software verification unit 12 is configured to determine all open source software in an application program through a probe formed based on java agent, and verify the open source software according to a preset verification rule to obtain a verification result.
The early warning feedback unit 13 is configured to determine whether the open source software is tampered according to the check result, and if the open source software is tampered, execute an early warning operation.
In a preferred embodiment, as shown in fig. 6, the system further comprises a presetting unit 10. The presetting unit 10 is configured to, before the application program of the Java system is started, perform coding operation on the open-source software by using a preset coding algorithm according to a preset check rule to obtain a code corresponding to each open-source software, and store the code. Preferably, the preset encoding algorithm is a hash algorithm.
In a preferred embodiment, the preset unit 10 is specifically configured to read a Jar file of the open-source software to a byte array, obtain an encoded byte array by encoding md5 or sha1 according to the number of bytes of the byte array, perform base64 encoding on the encoded byte array, obtain an encoding corresponding to the open-source software, and store the encoding.
In a preferred embodiment, the open source software verification unit 12 is specifically configured to perform coding operation on all open source software by using a preset coding algorithm to obtain a verification code corresponding to each open source software, and compare the verification code with the stored codes to obtain a verification result.
Since the principle of the system for solving the problem is similar to the above method, the implementation of the system can refer to the implementation of the method, and the detailed description is omitted here.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer device, which may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
In a typical example, the computer device specifically comprises a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method performed by the client as described above when executing the program, or the processor implementing the method performed by the server as described above when executing the program.
Referring now to FIG. 7, shown is a schematic diagram of a computer device 600 suitable for use in implementing embodiments of the present application.
As shown in fig. 7, the computer apparatus 600 includes a Central Processing Unit (CPU)601 which can perform various appropriate works and processes according to a program stored in a Read Only Memory (ROM)602 or a program loaded from a storage section 608 into a Random Access Memory (RAM)) 603. In the RAM603, various programs and data necessary for the operation of the system 600 are also stored. The CPU601, ROM602, and RAM603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
The following components are connected to the I/O interface 605: an input portion 606 including a keyboard, a mouse, and the like; an output section 607 including a Cathode Ray Tube (CRT), a liquid crystal feedback (LCD), and the like, and a speaker and the like; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. The driver 610 is also connected to the I/O interface 606 as needed. A removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 610 as necessary, so that a computer program read out therefrom is mounted as necessary on the storage section 608.
In particular, according to an embodiment of the present invention, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the invention include a computer program product comprising a computer program tangibly embodied on a machine-readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 609, and/or installed from the removable medium 611.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the units may be implemented in one or more software and/or hardware when implementing the present application.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.
Claims (8)
1. A Java system open source software tamper-proofing method is characterized by comprising the following steps:
receiving a starting instruction transmitted by an Jvm module in a Java system application program;
determining all open source software in an application program through a probe formed based on JavaAgent, and verifying the open source software according to a preset verification rule to obtain a verification result;
determining whether the open source software is tampered according to the verification result, and if the open source software is tampered, executing early warning operation;
the method further comprises, prior to launching the Java system application:
coding operation is carried out on the open source software by adopting a preset coding algorithm according to a preset check rule to obtain a code corresponding to each open source software, and the code is stored;
the method for obtaining and storing the codes corresponding to each open source software by performing coding operation on the open source software according to the preset check rule by adopting a preset coding algorithm specifically comprises the following steps:
reading Jar files of open source software to a byte array;
according to the byte number of the byte array, the coded byte array is obtained by adopting md5 or sha1 coding;
and performing base64 encoding on the encoded byte array to obtain and store the corresponding code of the open source software.
2. The method as claimed in claim 1, wherein the predetermined encoding algorithm is a hash algorithm.
3. The method for preventing the open source software of the Java system from being tampered with according to claim 1, wherein the verifying the open source software according to the preset verification rule to obtain the verification result specifically comprises:
coding operation is carried out on all open source software by adopting a preset coding algorithm to obtain a check code corresponding to each open source software;
and comparing the check code with the stored code to obtain a check result.
4. A Java system open source software tamper resistant system, comprising:
the instruction receiving unit is used for receiving a starting instruction transmitted by the Jvm module in the Java system application program;
the open source software verification unit is used for determining all open source software in an application program through a probe formed based on JavaAgent, and verifying the open source software according to a preset verification rule to obtain a verification result;
the early warning feedback unit is used for determining whether the open source software is tampered according to the verification result, and if the open source software is tampered, executing early warning operation;
the system further comprises a presetting unit, a processing unit and a processing unit, wherein the presetting unit is used for carrying out coding operation on the open source software by adopting a preset coding algorithm according to a preset check rule before the application program of the Java system is started to obtain and store a code corresponding to each open source software;
the preset unit is specifically configured to read Jar files of the open source software to a byte array, encode the byte array by using md5 or sha1 according to the number of bytes of the byte array, perform base64 encoding on the encoded byte array, obtain codes corresponding to the open source software, and store the codes.
5. The Java system open source software tamper-resistant system according to claim 4, wherein the predetermined encoding algorithm is a hash algorithm.
6. The Java system open source software tamper-proofing system according to claim 4, wherein the open source software verification unit is specifically configured to perform coding operation on all open source software by using a preset coding algorithm to obtain a verification code corresponding to each open source software, and compare the verification code with a stored code to obtain a verification result.
7. A computer device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor,
the processor, when executing the program, implements the method of any of claims 1-3.
8. A computer-readable medium, having stored thereon a computer program,
the program when executed by a processor implementing the method according to any one of claims 1-3.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911214232.6A CN110909345B (en) | 2019-12-02 | 2019-12-02 | Tamper-proof method and system for Java system open source software |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911214232.6A CN110909345B (en) | 2019-12-02 | 2019-12-02 | Tamper-proof method and system for Java system open source software |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110909345A CN110909345A (en) | 2020-03-24 |
| CN110909345B true CN110909345B (en) | 2022-03-22 |
Family
ID=69821176
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911214232.6A Active CN110909345B (en) | 2019-12-02 | 2019-12-02 | Tamper-proof method and system for Java system open source software |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110909345B (en) |
Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102122263A (en) * | 2011-03-23 | 2011-07-13 | 成都勤智数码科技有限公司 | Monitoring method and device of JAVA application system in running |
| CN102622289A (en) * | 2011-01-26 | 2012-08-01 | 阿里巴巴集团控股有限公司 | Program setting method, program monitoring method, and devices and systems for program setting and monitoring |
| US20150205949A1 (en) * | 2014-01-17 | 2015-07-23 | Microsoft Corporation | Runtime application integrity protection |
| CN104834590A (en) * | 2014-02-11 | 2015-08-12 | 腾讯科技(深圳)有限公司 | Software test method and system |
| CN105094919A (en) * | 2015-08-13 | 2015-11-25 | 海信集团有限公司 | Application program starting method |
| CN107092824A (en) * | 2017-04-13 | 2017-08-25 | 北京洋浦伟业科技发展有限公司 | The operation method and device of a kind of application program |
| CN108776764A (en) * | 2018-06-26 | 2018-11-09 | 南通森雅商务服务有限公司 | A kind of traffic safety management and supervisory systems and its application method |
| CN108898007A (en) * | 2018-06-26 | 2018-11-27 | 焦点科技股份有限公司 | A kind of safety method based on JavaAgent and dll enhancing Java distribution software |
| CN109460656A (en) * | 2018-11-06 | 2019-03-12 | 深圳市风云实业有限公司 | Application program launching control method and terminal |
| CN110262955A (en) * | 2019-06-25 | 2019-09-20 | 四川长虹电器股份有限公司 | Application performance monitoring tools based on pinpoint |
| CN110348180A (en) * | 2019-06-20 | 2019-10-18 | 苏州浪潮智能科技有限公司 | A kind of application program launching control method and device |
| CN110515806A (en) * | 2019-08-30 | 2019-11-29 | 北京博睿宏远数据科技股份有限公司 | Probe configuration method, apparatus, computer equipment and storage medium |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105260654A (en) * | 2015-11-13 | 2016-01-20 | 浪潮电子信息产业股份有限公司 | Method for verifying self integrity of software system |
| CN106355081A (en) * | 2016-09-07 | 2017-01-25 | 深圳市新国都支付技术有限公司 | Android program start verification method and device |
-
2019
- 2019-12-02 CN CN201911214232.6A patent/CN110909345B/en active Active
Patent Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102622289A (en) * | 2011-01-26 | 2012-08-01 | 阿里巴巴集团控股有限公司 | Program setting method, program monitoring method, and devices and systems for program setting and monitoring |
| CN102122263A (en) * | 2011-03-23 | 2011-07-13 | 成都勤智数码科技有限公司 | Monitoring method and device of JAVA application system in running |
| US20150205949A1 (en) * | 2014-01-17 | 2015-07-23 | Microsoft Corporation | Runtime application integrity protection |
| CN104834590A (en) * | 2014-02-11 | 2015-08-12 | 腾讯科技(深圳)有限公司 | Software test method and system |
| CN105094919A (en) * | 2015-08-13 | 2015-11-25 | 海信集团有限公司 | Application program starting method |
| CN107092824A (en) * | 2017-04-13 | 2017-08-25 | 北京洋浦伟业科技发展有限公司 | The operation method and device of a kind of application program |
| CN108776764A (en) * | 2018-06-26 | 2018-11-09 | 南通森雅商务服务有限公司 | A kind of traffic safety management and supervisory systems and its application method |
| CN108898007A (en) * | 2018-06-26 | 2018-11-27 | 焦点科技股份有限公司 | A kind of safety method based on JavaAgent and dll enhancing Java distribution software |
| CN109460656A (en) * | 2018-11-06 | 2019-03-12 | 深圳市风云实业有限公司 | Application program launching control method and terminal |
| CN110348180A (en) * | 2019-06-20 | 2019-10-18 | 苏州浪潮智能科技有限公司 | A kind of application program launching control method and device |
| CN110262955A (en) * | 2019-06-25 | 2019-09-20 | 四川长虹电器股份有限公司 | Application performance monitoring tools based on pinpoint |
| CN110515806A (en) * | 2019-08-30 | 2019-11-29 | 北京博睿宏远数据科技股份有限公司 | Probe configuration method, apparatus, computer equipment and storage medium |
Non-Patent Citations (1)
| Title |
|---|
| 《Java程序防篡改器设计方案研究》;李玮;《读书文摘》;20151231;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110909345A (en) | 2020-03-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN117278224A (en) | Method and system for verifying identity attribute information | |
| CN108683502B (en) | Digital signature verification method, medium and equipment | |
| US9632765B1 (en) | Customized application package with context specific token | |
| CN112801663B (en) | Blockchain certification method, device, system, equipment and medium | |
| CN112231702B (en) | Application protection method, device, equipment and medium | |
| CN109347865B (en) | User data authentication and evidence storage method and system based on block chain technology | |
| CN105260654A (en) | Method for verifying self integrity of software system | |
| CN106709281B (en) | Patch granting and acquisition methods, device | |
| CN113434254B (en) | Client deployment method, client deployment apparatus, computer device, and storage medium | |
| CN111045722A (en) | Intelligent contract packaging method, device, system, computer equipment and storage medium | |
| CN109522683B (en) | Software tracing method, system, computer equipment and storage medium | |
| CN109150898B (en) | Method and apparatus for processing information | |
| CN111224826B (en) | Configuration updating method, device, system and medium based on distributed system | |
| CN110909345B (en) | Tamper-proof method and system for Java system open source software | |
| CN109635558B (en) | Access control method, device and system | |
| CN113849859A (en) | Linux kernel modification method, terminal device and storage medium | |
| CN110890979A (en) | Automatic deploying method, device, equipment and medium for fortress machine | |
| CN111698227B (en) | Information synchronization management method, device, computer system and readable storage medium | |
| CN113360172B (en) | Application deployment method, device, computer equipment and storage medium | |
| CN114491661A (en) | Log tamper-proofing method and system based on block chain | |
| CN114840429A (en) | Method, apparatus, device, medium and program product for identifying version conflicts | |
| CN111752600B (en) | Code anomaly detection method and device, computer equipment and storage medium | |
| CN110298146B (en) | Application processing and running method and device | |
| CN113449330A (en) | Method for transmitting Javascript encrypted file | |
| US20210044589A1 (en) | Access control |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |